** Description changed: - GPSd fails to access the socket used to communicate PPS signals with - Chrony. + [Impact] + + * Current GPSD apparmor isolation is too strict to use PPS devices + properly. + + * backport changes we added to 20.10 to fix this + + + [Test Case] + + * Set up a PPS device with chrony/gpsd as described in [1] + Check the log output. + + Bad case: + gpsd:PROG: PPS:/dev/ttyS0 connect chrony socket failed: /var/run/chrony.ttyS0.sock, error: -2, errno: 13/Permission denied + + Good case does not show the errors above. Check that gpsd properly + initializes the device by ensuring this works for the whole stack + and chrony ends up getting proper PPS time data (also in [1]). + + [1]: https://ubuntu.com/server/docs/network-ntp + + [Regression Potential] + + * As always with apparmor changes the regression risk comes in two way: + - we allow more than before, that could be insecure but we have the +1 + from the security team and optimized to further reduce permissions. + - we deny some access (to silence warnings) which could, if strictly + required for un-tested use cases break these use-cases. Neither in the + tests nor in the review/discussion such cases were identified. + + + [Other Info] + + * This is accepted in Debians packaging git, if not in Groovy in time I'll + need to put an 3.20-8ubuntu1 there, but I can preparing the SRU + independent to that. + + ---- ---- + + + GPSd fails to access the socket used to communicate PPS signals with Chrony. From the startup log: gpsd:PROG: PPS:/dev/ttyS0 connect chrony socket failed: /var/run/chrony.ttyS0.sock, error: -2, errno: 13/Permission denied The socket in question has these permissions: - $ ls -l /var/run/chrony.ttyS0.sock + $ ls -l /var/run/chrony.ttyS0.sock srwxr-xr-x 1 root root 0 Apr 10 17:25 /var/run/chrony.ttyS0.sock gpsd is running as its own user gpsd, and chrony as _chrony. 
$ groups gpsd gpsd : dialout - $ groups _chrony + $ groups _chrony _chrony : _chrony I have tried adding gpsd to group _chrony and changing the ownership and permissions of chrony.ttyS0.sock but to no avail. I always see the permission denied message. AppArmor rules for gpsd appear to allow the connection, too: - # default paths feeding GPS data into chrony - /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, - /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, + # default paths feeding GPS data into chrony + /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, + /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, So I am stumped.
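Review bot: The [Test Case] identifies the bad case only by the gpsd log line ending in "errno: 13/Permission denied", while [Regression Potential] says the change also denies some accesses to silence warnings. Since the fix is to the AppArmor isolation, the test case should also say to check the kernel log for AppArmor denials against gpsd while the PPS device is in use. That lets a tester tell a profile denial apart from the socket's file permissions (srwxr-xr-x root root in the original report) and confirm that the newly denied accesses are not needed. The step "ensuring this works for the whole stack" would also be easier to verify if it named the concrete check from [1] that shows chrony receiving PPS data.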
--
https://bugs.launchpad.net/bugs/1872175

Title: gpsd unable to open chrony PPS socket
